We understand that privacy and security are of prime importance, and we're here to let you know that we spend more time on security than just about anything else.
Protecting the data you trust to ScalePad is our first priority. We use physical, procedural, and technical safeguards to preserve the integrity and security of your information.
We have a progressive commitment to security excellence. Here's a summary of key points you should know:
- Multi-factor authentication (MFAMFA - Multi-factor authentication, or MFA, is a two-step verification process used to increase security measures to your account.) is available on all accounts
- See our Set up MFA article for instructions on how to set it up
- We have stringent backup and business continuity processes in place
- We adhere strictly to both procedural and technical standards for, but not limited to:
- Credential management and credential requirements
- Role-based privileged access control, as required for purpose
- Firewalls and locked-down modern, internal systems
When you set up a connection to ScalePad, we deliberately limit the surface area of the data we access to the bare minimum required. We only use it for the purposes of providing our service to you.
We regularly back up your data to prevent data loss and aid in recovery. We implement access restrictions on all of our systems and servers to better protect your information. All access is logged (including physical access).
With regards to your sensitive payment information, we don’t store that at all. It’s handled by our upstream payment gateway—the very reputable Stripe.
Amazon’s hosting platform is among the most secure and tested systems in history. Their entire infrastructure is PCI-DSS certified. AWS services maintain PCI-DSS Level 1, SSAE16 SOC 1, SOC 2 and SOC 3, ISO 27001, 27017 and 27018.
These above certifications cover selected AWS services, including their:
- Security governance
- Physical security
- Network infrastructure
- Change management
- Administration practices
With these established services, ScalePad delivers a secure, robust, and reliable application you can trust.
We host data in AWS secure SSAE 16 / SOC1 certified data centers, including third-party security researchers to ensure practices are secure.
If you're interested, SOC compliance statements are available on the AWS SOC FAQ page.
As a necessity to provide our service, the hardware asset information which ScalePad stores is as follows:
- Asset Name
- Organization and/or Site, Location
- Asset type
- Serial number
- User information
- Member information per organization
- Software (such as the OS, e.g. Windows 10)
- Purchase date
- Expiry date
Removing integrations will purge your data
If you choose to remove an integration from your ScalePad account, all associated data will be purged from our systems.
It makes sense that you might also be curious with regards to our security standards surrounding credential encryption. We're happy to share these key points with you:
- Passwords are encrypted with AES-256-bit encryption
- This includes a 2048-bit RSA public key, with secure random keys that are unique to each password
- The RSA private keys are encrypted with a secure, random RSA key passphrase
- These are stored in an isolated bucket, locked down to only allow access from our servers as required for decryption
- The decryption process takes place server-side
- The private key passphrases (and private keys themselves) are not stored in the database
- The private keys are stored in a secured bucket that is only accessible via the servers used for decryption
- Decrypted password data is never written to disk
- The web servers themselves are also locked down with multiple firewalls, whitelisting incoming/outgoing traffic and key-based access.
- Access to the entire ScalePad app is limited to strong SSL encryption over HTTPS
Credentials stored in ScalePad can never be recovered
For more information, including GDPR considerations
Updated 3 months ago